source: branches/backfire/package/iptables/Makefile @ 27647

Last change on this file since 27647 was 27647, checked in by jow, 5 years ago

[backfire] merge r27646

  • Property svn:copyright set to Copyright (C) 2006 OpenWrt.org
  • Property svn:eol-style set to native
File size: 11.2 KB
Line 
1#
2# Copyright (C) 2006-2010 OpenWrt.org
3#
4# This is free software, licensed under the GNU General Public License v2.
5# See /LICENSE for more information.
6#
7
8include $(TOPDIR)/rules.mk
9include $(INCLUDE_DIR)/kernel.mk
10
11PKG_NAME:=iptables
12PKG_VERSION:=1.4.6
13PKG_RELEASE:=3
14
15PKG_MD5SUM:=c67cf30e281a924def6426be0973df56
16PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
17PKG_SOURCE_URL:=http://www.netfilter.org/projects/iptables/files \
18        ftp://ftp.be.netfilter.org/pub/netfilter/iptables/ \
19        ftp://ftp.de.netfilter.org/pub/netfilter/iptables/ \
20        ftp://ftp.no.netfilter.org/pub/netfilter/iptables/
21
22PKG_FIXUP:=autoreconf
23
24include $(INCLUDE_DIR)/package.mk
25ifeq ($(DUMP),)
26  -include $(LINUX_DIR)/.config
27  include $(INCLUDE_DIR)/netfilter.mk
28  STAMP_CONFIGURED:=$(strip $(STAMP_CONFIGURED))_$(shell grep 'NETFILTER' $(LINUX_DIR)/.config | md5s)
29endif
30
31
32define Package/iptables/Default
33  SECTION:=net
34  CATEGORY:=Network
35  URL:=http://netfilter.org/
36endef
37
38define Package/iptables/Module
39$(call Package/iptables/Default)
40  DEPENDS:=iptables $(1)
41endef
42
43define Package/iptables
44$(call Package/iptables/Default)
45  TITLE:=IPv4 firewall administration tool
46  MENU:=1
47  DEPENDS+= +kmod-ipt-core +libip4tc +libxtables
48endef
49
50define Package/iptables/description
51IPv4 firewall administration tool.
52Includes support for:
53- comment
54- limit
55- LOG
56- mac
57- multiport
58- REJECT
59- TCPMSS
60endef
61
62define Package/iptables-mod-conntrack
63$(call Package/iptables/Module, +kmod-ipt-conntrack)
64  TITLE:=Basic connection tracking extensions
65endef
66
67define Package/iptables-mod-conntrack/description
68Basic iptables extensions for connection tracking.
69Includes:
70- state
71- raw
72- NOTRACK
73endef
74
75define Package/iptables-mod-conntrack-extra
76$(call Package/iptables/Module, +kmod-ipt-conntrack-extra)
77  TITLE:=Extra connection tracking extensions
78endef
79
80define Package/iptables-mod-conntrack-extra/description
81Extra iptables extensions for connection tracking.
82Includes:
83- libipt_conntrack
84- libipt_helper
85- libipt_connmark/CONNMARK
86endef
87
88define Package/iptables-mod-filter
89$(call Package/iptables/Module, +kmod-ipt-filter)
90  TITLE:=Content inspection extensions
91endef
92
93define Package/iptables-mod-filter/description
94iptables extensions for packet content inspection.
95Includes:
96- libipt_string
97- libipt_layer7
98endef
99
100define Package/iptables-mod-imq
101$(call Package/iptables/Module, +kmod-ipt-imq)
102  TITLE:=IMQ support
103endef
104
105define Package/iptables-mod-imq/description
106iptables extension for IMQ support.
107Includes:
108- libipt_IMQ
109endef
110
111define Package/iptables-mod-ipopt
112$(call Package/iptables/Module, +kmod-ipt-ipopt)
113  TITLE:=IP/Packet option extensions
114endef
115
116define Package/iptables-mod-ipopt/description
117iptables extensions for matching/changing IP packet options.
118Includes:
119- libipt_CLASSIFY
120- libipt_dscp/DSCP
121- libipt_ecn/ECN
122- libipt_length
123- libipt_mac
124- libipt_mark/MARK
125- libipt_statistic
126- libipt_tcpmms
127- libipt_tos/TOS
128- libipt_ttl/TTL
129- libipt_unclean
130endef
131
132define Package/iptables-mod-ipsec
133$(call Package/iptables/Module, +kmod-ipt-ipsec)
134  TITLE:=IPsec extensions
135endef
136
137define Package/iptables-mod-ipsec/description
138iptables extensions for matching ipsec traffic.
139Includes:
140- libipt_ah
141- libipt_esp
142- libipt_policy
143endef
144
145define Package/iptables-mod-ipset
146$(call Package/iptables/Module, @LINUX_2_6)
147  TITLE:=IPset iptables extensions
148endef
149
150define Package/iptables-mod-ipset/description
151IPset iptables extensions.
152Includes:
153- libipt_set
154- libipt_SET
155endef
156
157define Package/iptables-mod-nat
158$(call Package/iptables/Module, +kmod-ipt-nat)
159  TITLE:=Basic NAT extensions
160endef
161
162define Package/iptables-mod-nat/description
163iptables extensions for basic NAT targets.
164Includes:
165- MASQUERADE
166- SNAT
167- DNAT
168endef
169
170define Package/iptables-mod-nat-extra
171$(call Package/iptables/Module, +kmod-ipt-nat-extra)
172  TITLE:=Extra NAT extensions
173endef
174
175define Package/iptables-mod-nat-extra/description
176iptables extensions for extra NAT targets.
177Includes:
178- REDIRECT
179endef
180
181define Package/iptables-mod-ulog
182$(call Package/iptables/Module, +kmod-ipt-ulog)
183  TITLE:=user-space packet logging
184endef
185
186define Package/iptables-mod-ulog/description
187iptables extensions for user-space packet logging.
188Includes:
189- libipt_ULOG
190endef
191
192define Package/iptables-mod-hashlimit
193$(call Package/iptables/Module, +kmod-ipt-hashlimit)
194  TITLE:=hashlimit matching
195endef
196
197define Package/iptables-mod-hashlimit/description
198iptables extensions for hashlimit matching
199Includes:
200- libxt_hashlimit
201endef
202
203define Package/iptables-mod-iprange
204$(call Package/iptables/Module, +kmod-ipt-iprange)
205  TITLE:=IP range extension
206endef
207
208define Package/iptables-mod-iprange/description
209iptables extensions for matching ip ranges.
210Includes:
211- libipt_iprange
212endef
213
214define Package/iptables-mod-extra
215$(call Package/iptables/Module, +kmod-ipt-extra)
216  TITLE:=Other extra iptables extensions
217endef
218
219define Package/iptables-mod-extra/description
220Other extra iptables extensions.
221Includes:
222- libipt_owner
223- libipt_physdev
224- libipt_pkttype
225- libipt_recent
226endef
227
228define Package/iptables-utils
229$(call Package/iptables/Module, )
230  TITLE:=iptables save and restore utilities
231endef
232
233define Package/ip6tables
234$(call Package/iptables/Default)
235  DEPENDS:=+kmod-ip6tables +libip6tc +libxtables
236  CATEGORY:=IPv6
237  TITLE:=IPv6 firewall administration tool
238  MENU:=1
239endef
240
241define Package/ip6tables-utils
242$(call Package/iptables/Default)
243  DEPENDS:=ip6tables
244  CATEGORY:=IPv6
245  TITLE:=ip6tables save and restore utilities
246endef
247
248define Package/libiptc
249$(call Package/iptables/Default)
250  SECTION:=libs
251  CATEGORY:=Libraries
252  DEPENDS:=+libip4tc +libip6tc
253  TITLE:=IPv4/IPv6 firewall - shared libiptc library (compatibility stub)
254endef
255
256define Package/libip4tc
257$(call Package/iptables/Default)
258  SECTION:=libs
259  CATEGORY:=Libraries
260  TITLE:=IPv4 firewall - shared libiptc library
261endef
262
263define Package/libip6tc
264$(call Package/iptables/Default)
265  SECTION:=libs
266  CATEGORY:=Libraries
267  TITLE:=IPv6 firewall - shared libiptc library
268endef
269
270define Package/libxtables
271 $(call Package/iptables/Default)
272 SECTION:=libs
273 CATEGORY:=Libraries
274 TITLE:=IPv4/IPv6 firewall - shared xtables library
275endef
276
277
278TARGET_CPPFLAGS := \
279        -I$(PKG_BUILD_DIR)/include \
280        -I$(LINUX_DIR)/arch/$(LINUX_KARCH)/include \
281        $(TARGET_CPPFLAGS)
282
283CONFIGURE_ARGS += \
284        --enable-shared \
285        --enable-devel \
286        --enable-ipv6 \
287        --with-kernel="$(LINUX_DIR)" \
288        --with-xtlibdir=/usr/lib/iptables
289
290IPTABLES_MAKEOPTS = \
291                $(TARGET_CONFIGURE_OPTS) \
292                COPT_FLAGS="$(TARGET_CFLAGS)" \
293                LDFLAGS="-rdynamic -static-libgcc" \
294                KERNEL_DIR="$(LINUX_DIR)" PREFIX=/usr \
295                KBUILD_OUTPUT="$(LINUX_DIR)" \
296                DESTDIR="$(PKG_INSTALL_DIR)" \
297                $(MAKE_TARGETS)
298
299define Build/Compile
300        $(INSTALL_DIR) $(PKG_INSTALL_DIR)
301        $(MAKE) -C $(PKG_BUILD_DIR) $(IPTABLES_MAKEOPTS)
302        $(MAKE) -C $(PKG_BUILD_DIR) $(IPTABLES_MAKEOPTS) install
303        $(MAKE) -C $(PKG_BUILD_DIR)/libipq $(IPTABLES_MAKEOPTS)
304        $(MAKE) -C $(PKG_BUILD_DIR)/libipq $(IPTABLES_MAKEOPTS) install
305endef
306
307define Build/InstallDev
308        $(INSTALL_DIR) $(1)/usr/include
309        $(INSTALL_DIR) $(1)/usr/include/iptables
310        $(INSTALL_DIR) $(1)/usr/include/net/netfilter
311
312        # XXX: iptables header fixup, some headers are not installed by iptables anymore
313        $(CP) $(PKG_BUILD_DIR)/include/net/netfilter/*.h $(1)/usr/include/net/netfilter/
314        $(CP) $(PKG_BUILD_DIR)/include/iptables/*.h $(1)/usr/include/iptables/
315        $(CP) $(PKG_BUILD_DIR)/include/iptables.h $(1)/usr/include/
316        $(CP) $(PKG_BUILD_DIR)/include/libipq/libipq.h $(1)/usr/include/
317        $(CP) $(PKG_BUILD_DIR)/include/libipulog $(1)/usr/include/
318        $(CP) $(PKG_BUILD_DIR)/include/libiptc $(1)/usr/include/
319
320        $(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/
321        $(INSTALL_DIR) $(1)/usr/lib
322        $(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so* $(1)/usr/lib/
323        $(CP) $(PKG_INSTALL_DIR)/usr/lib/libip*tc.so* $(1)/usr/lib/
324        $(CP) $(PKG_INSTALL_DIR)/usr/lib/libipq.a $(1)/usr/lib/
325        $(INSTALL_DIR) $(1)/usr/lib/pkgconfig
326        $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/xtables.pc $(1)/usr/lib/pkgconfig/
327        $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libiptc.pc $(1)/usr/lib/pkgconfig/
328endef
329
330define Package/iptables/install
331        $(INSTALL_DIR) $(1)/usr/sbin
332        $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/iptables $(1)/usr/sbin/
333        $(INSTALL_DIR) $(1)/usr/lib/iptables
334        (cd $(PKG_INSTALL_DIR)/usr/lib/iptables ; \
335                for m in $(patsubst xt_%,ipt_%,$(IPT_BUILTIN)) $(patsubst ipt_%,xt_%,$(IPT_BUILTIN)); do \
336                        if [ -f $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$${m}.so ]; then \
337                                $(CP) $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$${m}.so $(1)/usr/lib/iptables/ ;\
338                        fi; \
339                done \
340        )
341endef
342
343define Package/iptables-utils/install
344        $(INSTALL_DIR) $(1)/usr/sbin
345        $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/iptables-multi $(1)/usr/sbin/
346        $(LN) iptables-multi $(1)/usr/sbin/iptables-save
347        $(LN) iptables-multi $(1)/usr/sbin/iptables-restore
348endef
349
350define Package/ip6tables/install
351        $(INSTALL_DIR) $(1)/usr/sbin
352        $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables $(1)/usr/sbin/
353        $(INSTALL_DIR) $(1)/usr/lib/iptables
354        (cd $(PKG_INSTALL_DIR)/usr/lib/iptables ; \
355                $(CP) libip6t_*.so $(1)/usr/lib/iptables/ \
356        )
357endef
358
359define Package/ip6tables-utils/install
360        $(INSTALL_DIR) $(1)/usr/sbin
361        $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables-multi $(1)/usr/sbin/
362        $(LN) ip6tables-multi $(1)/usr/sbin/ip6tables-save
363        $(LN) ip6tables-multi $(1)/usr/sbin/ip6tables-restore
364endef
365
366define Package/libiptc/install
367        $(INSTALL_DIR) $(1)/usr/lib
368        $(CP) $(PKG_INSTALL_DIR)/usr/lib/libiptc.so* $(1)/usr/lib/
369endef
370
371define Package/libip4tc/install
372        $(INSTALL_DIR) $(1)/usr/lib
373        $(CP) $(PKG_INSTALL_DIR)/usr/lib/libip4tc.so* $(1)/usr/lib/
374endef
375
376define Package/libip6tc/install
377        $(INSTALL_DIR) $(1)/usr/lib
378        $(CP) $(PKG_INSTALL_DIR)/usr/lib/libip6tc.so* $(1)/usr/lib/
379endef
380
381define Package/libxtables/install
382        $(INSTALL_DIR) $(1)/usr/lib
383        $(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so* $(1)/usr/lib/
384endef
385
386define BuildPlugin
387  define Package/$(1)/install
388        $(INSTALL_DIR) $$(1)/usr/lib/iptables
389        for m in $(patsubst xt_%,ipt_%,$(2)) $(patsubst ipt_%,xt_%,$(2)); do \
390                if [ -f $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so ]; then \
391                        $(CP) $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so $$(1)/usr/lib/iptables/ ; \
392                fi; \
393        done
394        $(3)
395  endef
396
397  $$(eval $$(call BuildPackage,$(1)))
398endef
399
400L7_INSTALL:=\
401        $(INSTALL_DIR) $$(1)/etc/l7-protocols; \
402        $(CP) files/l7/*.pat $$(1)/etc/l7-protocols/
403
404
405$(eval $(call BuildPackage,iptables))
406$(eval $(call BuildPackage,iptables-utils))
407$(eval $(call BuildPlugin,iptables-mod-conntrack,$(IPT_CONNTRACK-m)))
408$(eval $(call BuildPlugin,iptables-mod-conntrack-extra,$(IPT_CONNTRACK_EXTRA-m)))
409$(eval $(call BuildPlugin,iptables-mod-extra,$(IPT_EXTRA-m)))
410$(eval $(call BuildPlugin,iptables-mod-filter,$(IPT_FILTER-m),$(L7_INSTALL)))
411$(eval $(call BuildPlugin,iptables-mod-hashlimit,$(IPT_HASHLIMIT-m)))
412$(eval $(call BuildPlugin,iptables-mod-imq,$(IPT_IMQ-m)))
413$(eval $(call BuildPlugin,iptables-mod-ipopt,$(IPT_IPOPT-m)))
414$(eval $(call BuildPlugin,iptables-mod-ipsec,$(IPT_IPSEC-m)))
415$(eval $(call BuildPlugin,iptables-mod-ipset,ipt_set ipt_SET))
416$(eval $(call BuildPlugin,iptables-mod-nat,$(IPT_NAT-m)))
417$(eval $(call BuildPlugin,iptables-mod-nat-extra,$(IPT_NAT_EXTRA-m)))
418$(eval $(call BuildPlugin,iptables-mod-iprange,$(IPT_IPRANGE-m)))
419$(eval $(call BuildPlugin,iptables-mod-ulog,$(IPT_ULOG-m)))
420$(eval $(call BuildPackage,ip6tables))
421$(eval $(call BuildPackage,ip6tables-utils))
422$(eval $(call BuildPackage,libiptc))
423$(eval $(call BuildPackage,libip4tc))
424$(eval $(call BuildPackage,libip6tc))
425$(eval $(call BuildPackage,libxtables))
Note: See TracBrowser for help on using the repository browser.